SSL Configuration in Load balanced environment - Nopcommerce 3.9

Hi Andrei,

Is the "EnableSSL" flag supported in a load balanced environment in nop 3.9?

Currently "EnableSSL" causes redirection loop likely due to missing check for "X-Forwarded-Proto" header.

Manual redirect to https can be achieved instead using IIS Rewrite or example below:

  
protected void Application_BeginRequest() {
  if (!string.Equals(Request.Headers["X-Forwarded-Proto"], "https", StringComparison.InvariantCultureIgnoreCase) && HttpContext.Current.Request.IsLocal.Equals(false)) {
    Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"] + HttpContext.Current.Request.RawUrl);
  }
}

I am sure you are aware that doing the redirect manually will not not serve images from the database securely.

Is there ability in nopcommerce to serve the images via https in this setup?

Hi,

Just enable (uncomment) "Use_HTTP_X_FORWARDED_PROTO" element in web.config file

Thanks Andrei,

I have another client on 3.5.
Was this feature supported prior to 3.9 or will an update be required?

You can manually implement it in 3.50. Please see how this setting is used in 3.90

Would you kindly point me at the relevant pages?

Open the solution in Visual studio and search it by "Use_HTTP_X_FORWARDED_PROTO" keyword. You'll see all references

@AppSoft

I don't want to hijack your thread, but do have a question for you.  How are you setting up your load balancer?

Are you removing the incoming header from the client and replacing is with the X-Forwarded-Proto header and specifying https ?

I am trying to get my "ducks in a row" as well for SSL offloading.

Yes, I have the setup you descibed.

I then updated to nop 3.9 and enabled "Use_HTTP_X_FORWARDED_PROTO" in web.config.

Everything is now peachy!

Thank you for the information.

But seem like there is no such config in 4.0, and if i am using load balancer ssl offloading and enable ssl, it cause too many redirect error, can any one plz help